1. Patching Guide
  2. Patching Individual Components
  3. Patching Etcd and Vault

Patching Etcd and Vault

Caution:

Ensure that all preparation steps for system patching have been completed. For instructions, see Prepare for Patching.

The secret service contains two components that need to be patched separately in this particular order: first Etcd, then Vault.

The Etcd and Vault patches are rolling patches: each patch is executed on all three management nodes with one command.

Note:

In software version 3.0.2-b892153 and later all patch operations are based on the upgrade plan, which is generated when the pre-upgrade command is executed. For more information, see Prepare for Patching. When a component is already at the required version, the patch operation is skipped. However, patching with the same version can be forced using the Service Web UI or Service CLI command option (force=True), if necessary.

Ensure you perform a system backup before you apply a patch. See the Backup and Restore section of the Oracle Private Cloud Appliance Administrator Guide.

Using the Service Web UI

  1. In the navigation menu, click Upgrade & Patching.

  2. In the top-right corner of the Upgrade Jobs page, click Create Upgrade or Patch.

    The Create Request window appears. Choose Patch as the Request Type.

  3. Select the appropriate patch request type: Patch Etcd.

  4. If required, fill out the patch parameters:

    • ULN: Enter the fully qualified domain name of the ULN mirror in your data center. This parameter is deprecated in software version 3.0.2-b892153 and later.

    • Advanced Options JSON: Not available.

    • Log Level: Optionally, select a specific log level for the upgrade log file. The default log level is "Information". For maximum detail, select "Debug".

  5. Click Create Request.

    The new patch request appears in the Upgrade Jobs table.

  6. When the Etcd patch has completed successfully, repeat this procedure to create a patch for Vault.

Using the Service CLI

  1. Enter the two patch commands. Wait until the Etcd patch operation is finished before starting the Vault patch operation.

    PCA-ADMIN> patchEtcd
Command: patchEtcd
Status: Success
Time: 2022-01-24 18:43:56.849 UTC
Data: Service request has been submitted.  Upgrade Job ID = 1642593966208-etcd-6066 \
Upgrade Request ID = UWS-1ee38895-dedf-41c5-ab77-eebe294707ed

PCA-ADMIN> patchVault
Command: patchVault
Status: Success
Time: 2022-01-24 18:48:21.841 UTC
Data: Service request has been submitted.  Upgrade Job ID = 1642594274785-vault-29202 \
Upgrade Request ID = UWS-77bc0c30-7ff5-4c50-ad09-6f96907e22e1

  2. Use the request ID and the job ID to check the status of the upgrade process.

    PCA-ADMIN> getupgradejobs
Command: getupgradejobs
Status: Success
Time: 2023-01-24 21:23:22,117 UTC
Data:
  id                               upgradeRequestId                           commandName   result
  --                               ----------------                           -----------   ------
  1642594274785-vault-29202        UWS-77bc0c30-7ff5-4c50-ad09-6f96907e22e1   vault         Passed
  1642593966208-etcd-6066          UWS-1ee38895-dedf-41c5-ab77-eebe294707ed   etcd          Passed

PCA-ADMIN> getUpgradeJob upgradeJobId=1642594274785-vault-29202
Command: getUpgradeJob upgradeJobId=1642594274785-vault-29202
Status: Success
Time: 2023-01-24 21:55:43,804 UTC
Data:
  Upgrade Request Id = UWS-77bc0c30-7ff5-4c50-ad09-6f96907e22e1
  Name = vault
[...]